tortoisecvs 1.12.5_3@57178.exe

downer for windows

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

The application tortoisecvs 1.12.5_3@57178.exe by Riyue Tongxing Information Technology (Beijing) Co.,Ltd has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.onlinedown.net and multiple other hosts.
Product:
downer for windows

Version:
1.2.11.27

MD5:
3e8a609c901f3854b36ff1fd396bd3aa

SHA-1:
3b1cc268e67844a701bb076bbe5dc5b712a238ba

SHA-256:
d731639c0e33115886a0f7d9e246c3bd83b17cd5787c57c67ca10e2304af340e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 9:33:42 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.Gaofenquming
4.0.3.15123

ESET NOD32
Win32/Gaofenquming.B potentially unwanted (variant)
9.12662

Reason Heuristics
PUP.Gaofenquming (M)
16.10.13.15

File size:
2.6 MB (2,738,280 bytes)

Product version:
1.2.11.27

Copyright:
Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Original file name:
downer

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tortoisecvs 1.12.5_3@57178.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/2/2015 4:48:13 PM

Valid to:
11/2/2016 4:48:13 PM

Subject:
CN="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", O="Riyue Tongxing Information Technology (Beijing) Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
55950E596B6D1EB045BBED7DEE696932

File PE Metadata
Compilation timestamp:
11/27/2015 11:31:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:R4eI0PZcZAjH2YW4KIBLH0yq3f57g8TJYwNq7WtSDO+nS54IDxdI:RaAG4KIBL0XS89m7oSo5ndI

Entry address:
0x78D740

Entry point:
60, BE, 00, B0, 8F, 00, 8D, BE, 00, 60, B0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Entropy:
7.9087

Packer / compiler:
UPX 2.90LZMA

Code size:
2.6 MB (2,699,264 bytes)

The file tortoisecvs 1.12.5_3@57178.exe has been seen being distributed by the following 3 URLs.

http://www.onlinedown.net/.../index2.php?ver=4.5 ?????&name=Microsoft ActiveSync&id=21106&token=52cb2c8ee7f75bfcd76cbed5e31a96f6

Remove tortoisecvs 1.12.5_3@57178.exe - Powered by Reason Core Security